Watch #2224
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Watch | |
on: | |
schedule: | |
- cron: '30 */4 * * *' | |
push: | |
branches: ['master'] | |
workflow_dispatch: | |
jobs: | |
docker: | |
name: Push tagged docker image | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: master | |
- name: Login to ghcr | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update Dockerfile with latest version | |
id: fetch_version | |
run: | | |
last=$(curl -s https://packagist.org/packages/vimeo/psalm.json|jq '[.package.versions[]|select(.version|test("^\\d+\\.\\d+\\.\\d+$"))|.version]|max_by(.|[splits("[.]")]|map(tonumber))') | |
last=$(echo $last | tr -d '"') | |
echo "Last Psalm version is $last" | |
echo "last=$last" >> $GITHUB_OUTPUT | |
sed -i -re "s/require vimeo\/psalm/require vimeo\/psalm:$last/" Dockerfile | |
cat Dockerfile | |
- name: Build images | |
run: docker build -t ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }} -t ghcr.io/mbinorg/psalm-security-scan:latest . | |
- name: Publish | |
run: | | |
docker push ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }} | |
docker push ghcr.io/mbinorg/psalm-security-scan:latest | |
- name: Update action.yml | |
run : | | |
git config --global user.name "psalmbot" | |
git config --global user.email "[email protected]" | |
yq -i ".runs.image = \"docker://ghcr.io/mbinorg/psalm-security-scan:${{ steps.fetch_version.outputs.last }}\"" action.yml | |
# Push commit when a file change has been made, skip if the commit would be empty | |
git commit -m "Add newer psalm docker image version ${{ steps.fetch_version.outputs.last }}" action.yml && | |
git push origin master || | |
true |